[benzedrine.ch logo]
Contents
Home
Daniel Hartmeier
Packet Filter
pfstat
Mailing list
Annoying spammers
Prioritizing ACKs
Transparent squid
Proxy ICB/IRC
milter-regex
milter-spamd
milter-checkrcpt
login_yubikey
Dorabella
Tron
Planet Wars
Hexiom solver
3D-ODRPP
Polygon partition
Mikero's grid puzzle
Dark Star
Misc
Statistics


Reject mail with no valid recipients

Introduction

A lot of spam I see does not use valid recipients. Either many address harvesters are buggy, or spammers are trying to guess addresses.

The point is that a significant percentage (if not even the majority) of spams don't carry valid recipients. Checking the validity of a recipient is much cheaper than content-based analysis, as done with milter-spamd.

However, filtering is often done on an intermediate relay, which doesn't have a complete list of all valid recipients. Maintaining a copy of the list on the relay would be cumbersome.

This is the sole purpose of milter-checkrcpt. It checks the validity of recipients by asking another mail server, like your internal mail server, which already has the complete list of valid users.

Invalid recipients are permanently removed from mails. Mails with no valid recipients are refused.

See milter-regex for a general introduction about milter plugins.

milter-checkrcpt runs on OpenBSD and is BSD licensed.

Man page

MILTER-CHECKRCPT(8)     OpenBSD System Manager's Manual    MILTER-CHECKRCPT(8)

NAME
     milter-checkrcpt - sendmail milter plugin for recipient checking against
     server

SYNOPSIS
     milter-checkrcpt [-d] [-h helo] [-m mailfrom] [-p pipe] [-r recipient]
                      [-s server] [-u user]

DESCRIPTION
     The milter-checkrcpt plugin can be used with the milter API of
     sendmail(8) to filter mails with invalid recipients.  The validity of a
     recipient address is determined by querying another mail server over
     SMTP.

     The options are as follows:

     -d            Don't detach from controlling terminal and produce verbose
                   debug output on stdout.

     -h helo       Use the specified string in the SMTP HELO line sent to the
                   server, instead of the default, the local host name.

     -m mailfrom   Use the specified string in the SMTP MAIL FROM line sent to
                   the server, instead of the default, milter-checkrcpt@helo.

     -p pipe       Use the specified pipe to interface sendmail(8).  Default
                   is unix:/var/spool/milter-checkrcpt/sock.

     -r recipient  Test the specified recipient and terminate immediately.

     -s server     Use the specified server IP address.  This option is manda-
                   tory.

     -u user       Run as the specified user instead of the default, _milter-
                   checkrcpt.  When milter-checkrcpt is started as root, it
                   calls setuid(2) to drop privileges.  The non-privileged us-
                   er should have read access to the configuration file and
                   read-write access to the pipe.

RECIPIENT CHECKING
     Recipients are checked by contacting the specified server and performing
     the following SMTP dialogue:

           220 WELCOME
           HELO helo
           250 HELO ACCEPTED
           MAIL FROM: <mailfrom@helo>
           250 SENDER OK
           RCPT TO: <recipient>
           250 RECIPIENT OK
           QUIT
           221 CLOSING

     If the server responds with positive completion reply codes (200-299) to
     all commands sent, or with a temporary failure code (400-499) to any com-
     mand sent, the recipient is considered valid.  If any command results in
     a different reply code, the recipient is considered invalid.  If the con-
     nection to the server cannot be established at all, the recipient is con-
     sidered valid.  Note that this dialogue does not actually send any mail
     to the server.  A single mail can have one or multiple recipients.  The
     plugin checks each recipient, removing any invalid recipients from the
     mail.  If no valid recipients are found, the plugin instructs sendmail(8)
     to reject the mail with SMTP reply code 554 ("Transaction failed"), ex-
     tended reply code 5.7.1 ("Permanent failure"), and reply text "No valid
     recipients".  Otherwise, the plugin accepts the mail.

SENDMAIL CONFIGURATION
     The plugin needs to be registered in the sendmail(8) configuration, by
     adding the following lines to the .mc file

           INPUT_MAIL_FILTER(`milter-checkrcpt',
                   `S=unix:/var/spool/milter-checkrcpt/sock, T=S:30s;R:2m')

     rebuilding /etc/mail/sendmail.cf from the .mc file using m4(1), and
     restarting sendmail(8).

LOGGING
     milter-checkrcpt sends log messages to syslogd(8) using facility daemon
     and, with increasing verbosity, level err, notice, info and debug.  The
     following syslog.conf(5) section can be used to log messages to a dedi-
     cated file:

     !milter-checkrcpt
     daemon.err;daemon.notice        /var/log/milter-checkrcpt

SEE ALSO
     mailstats(1), syslog.conf(5), sendmail(8), syslogd(8)

     Simple Mail Transfer Protocol, RFC 2821.

HISTORY
     The first version of milter-checkrcpt was written in 2007.

AUTHORS
     Daniel Hartmeier <[email protected]>

OpenBSD 4.4                      May 20, 2009                                2

Sources

History

0.3: Mar 7, 2012

Do not refuse mail when the backend server reports temporary failure (4xx) (suggested by Shinta Sato).

0.2: Jul 12, 2011

Don't generate space after MAIL FROM:/RCPT TO: (from Claus Assmann).

0.1: May 20, 2009

First public version.

Related links

Last updated on Tue Sep 26 08:57:43 2017 by [email protected].